Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-8163

Missing permission check in review coverage REST endpoint - CVE-2017-18035

XMLWordPrintable

      The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.

      Affected versions:

      Older than 4.5.1

      Fix versions:

      4.5.1, 4.6.0

              Unassigned Unassigned
              aslaski Adam Slaski (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: